repo-mirrors/dlt
1
0
Fork 0
mirror of https://github.com/dlt-hub/dlt.git synced 2025-12-17 19:31:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add GitHub Actions workflow for dependency submission of uv.lock files

Browse Source
This commit is contained in:
Anton Burnashev
2025-12-10 20:11:51 +01:00
parent 6658d5468d
commit 28e680fe36
1 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.github/workflows/dependency-submission.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
# Submits uv.lock dependencies to GitHub's dependency graph for security scanning.
# Requires: Settings → Security → Dependency graph enabled.
# See: https://github.com/rmuir/uv-dependency-submission
name: Dependency Submission
on:
workflow_dispatch:
push:
branches: ['master', 'devel']
paths:
- '**/uv.lock'
permissions: {}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
dependency-submission:
name: Submit uv dependencies
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: write # required to submit dependency graph data
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
persist-credentials: false
- name: Submit dependency snapshot
uses: rmuir/uv-dependency-submission@1c48aaac13e566e39fd04269ff1900b86c1105c5 # v1.0.0